Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About juhiacc
juhiacc
Explorer
Member since:
07-29-2022
01-16-2025
Community Statistics
| Posts | 9 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 07-29-2022 |
Activity Feed
- Posted Re: Unable to find the source of Uberagent logs indexing in main index on Splunk Enterprise. 01-14-2025 07:09 AM
- Posted Unable to find the source of Uberagent logs indexing in main index on Splunk Enterprise. 01-14-2025 05:34 AM
- Tagged Unable to find the source of Uberagent logs indexing in main index on Splunk Enterprise. 01-14-2025 05:34 AM
- Tagged Unable to find the source of Uberagent logs indexing in main index on Splunk Enterprise. 01-14-2025 05:34 AM
- Posted Re: Discrepancy in data being pulled from DbConnect app vs the events in Splunk. on Knowledge Management. 09-01-2022 03:17 AM
- Tagged Re: Discrepancy in data being pulled from DbConnect app vs the events in Splunk. on Knowledge Management. 09-01-2022 03:17 AM
- Posted Re: Discrepancy in data being pulled from DbConnect app vs the events in Splunk. on Knowledge Management. 08-29-2022 03:46 AM
- Tagged Re: Discrepancy in data being pulled from DbConnect app vs the events in Splunk. on Knowledge Management. 08-29-2022 03:46 AM
- Posted Re: Discrepancy in data being pulled from DbConnect app vs the events in Splunk. on Knowledge Management. 08-29-2022 02:18 AM
- Tagged Re: Discrepancy in data being pulled from DbConnect app vs the events in Splunk. on Knowledge Management. 08-29-2022 02:18 AM
- Posted Re: Discrepancy in data being pulled from DbConnect app vs the events in Splunk. on Knowledge Management. 08-29-2022 12:59 AM
- Tagged Re: Discrepancy in data being pulled from DbConnect app vs the events in Splunk. on Knowledge Management. 08-29-2022 12:59 AM
- Posted Why is there a discrepancy in data being pulled from DbConnect app vs the events in Splunk? on Knowledge Management. 08-28-2022 11:33 PM
- Tagged Why is there a discrepancy in data being pulled from DbConnect app vs the events in Splunk? on Knowledge Management. 08-28-2022 11:33 PM
- Tagged Why is there a discrepancy in data being pulled from DbConnect app vs the events in Splunk? on Knowledge Management. 08-28-2022 11:33 PM
- Tagged Why is there a discrepancy in data being pulled from DbConnect app vs the events in Splunk? on Knowledge Management. 08-28-2022 11:33 PM
- Posted Which Splunk Capability allows to enable OR disable a Splunk app? on Deployment Architecture. 07-29-2022 07:04 AM
- Tagged Which Splunk Capability allows to enable OR disable a Splunk app? on Deployment Architecture. 07-29-2022 07:04 AM
- Tagged Which Splunk Capability allows to enable OR disable a Splunk app? on Deployment Architecture. 07-29-2022 07:04 AM
- Tagged Which Splunk Capability allows to enable OR disable a Splunk app? on Deployment Architecture. 07-29-2022 07:04 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
01-14-2025
07:09 AM
Thanks @defection-io for responding. The query is returning hosts which are basically our Indexers. We had config files in Indexers taht was removed as part of removing config files from Splunk environment. Regarding the source column , it is /opt/splunk/var/log/splunk/metrics.log so not of much help.
... View more
01-14-2025
05:34 AM
Hi We had UberAgent apps installed in Splunk environment and recently we deleted the apps along with the index. We see that due to index deletion , data is getting in main index from very few servers/devices. But not sure where this data is coming from since we have removed the UberAgent apps from everywhere. Any suggestions where should we be looking at to find the source? There are no related HEC tokens OR scripts that is to be found. Warm Regards !
... View more
Labels
- Labels:
-
using Splunk Enterprise
09-01-2022
03:17 AM
Sure, Let me try this out and revert.
... View more
- Tags:
- dbconnect
08-29-2022
03:46 AM
Yes timestamp of splunk has been matched with the timestamp column of table and data is as old as 2021. So we have to use 'All Time' in Splunk while searching for entire data. Thus it brings in that data as well which now may no longer is been present in the table.
... View more
- Tags:
- dbconnect
08-29-2022
02:18 AM
There is no such column/field as 'action'. The problem is that the entry will be deleted from the main table if someone performs any DML, but splunk still will be having that entry as part of events. In short if table has 100 entries, we only want to see 100 entries in Splunk too at that point of time. But if after sometime table has 99 entries (1 row gets deleted) then also we want splunk to show 99 entries to us.
... View more
- Tags:
- dbconnect
08-29-2022
12:59 AM
Thanks for responding. The stats latest command will still show us the entries which no longer are in table as it got removed from the main table. For example, if there is a record -X in table at 1pm , and it got removed at 4pm from table. Splunk will still be showing it as our splunk events will be fetching everything.
... View more
- Tags:
- dbconnect
08-28-2022
11:33 PM
We have configured DBConnect data from MySQL db under some index at hourly frequency. Data is being pulled however we see that the count of Splunk events is much higher than the count of rows in its respective table. This is due to the fact that the SQL table is real-time in nature and always have the entries updating, whereas, Splunk keeps storing the entries as per the hourly execution frequency. So as a result, Splunk will have historical events too which currently is not present in SQL table. We need to counter this situation as we plan to build some analytics report on this data so it has to be true and updated in Splunk as well.
... View more
07-29-2022
07:04 AM
We have a Splunk app, that needs to be disabled by the users themselves as per the systems health and maintenance mode. Curious to know which role/capability in splunk is responsible for granting this level of access.
Already have revisited `edit_local_apps` capability as part of https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Rolesandcapabilities#Add.2C_edit.2C_and_remove_capabilities_from_roles and this doesn't seems to answer the query.
Thanks
... View more
Labels
- Labels:
-
search head
07-29-2022
07:00 AM
hi @jthunnissen - Any leads on this ?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
01-16-2025
12:01 AM
|
